BIT-ENVOY-2026-26309 Envoy has an off-by-one write in JsonEscaper::escapeString()

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

CVE-2026-26309 Envoy has an off-by-one write in JsonEscaper::escapeString()

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the...

PT-2026-24617

Summary An off-by-one write in Envoy::JsonEscaper::escapeString can corrupt std::string null-termination, causing undefined behavior and potentially leading to crashes or out-of-bounds reads when the resulting string is later treated as a C-string. Details The bug is in the control-character...

Envoy 安全漏洞

Envoy is an open-source gateway program developed by Enphase, used to connect smart home devices. There are security vulnerabilities in versions of Envoy prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13. These vulnerabilities stem from a race condition in the JsonEscaper::escapeString function, which...

OSV-2021-1678 Heap-buffer-overflow in flatbuffers::EscapeString

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42244 Crash type: Heap-buffer-overflow READ 1 Crash state: flatbuffers::EscapeString flexbuffers::Reference::ToString void flexbuffers::AppendToString...

OSV-2021-520 Heap-buffer-overflow in flatbuffers::EscapeString

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32008 Crash type: Heap-buffer-overflow READ 1 Crash state: flatbuffers::EscapeString flexbuffers::Reference::ToString void flexbuffers::AppendToString...